On Thu, Sep 18, 2003 at 04:09:19PM +0000, Jason Holt wrote:
>
> What's the deal? debian.org lists the ssh vulnerabilities, but only mentions
> a fixed version for the stable release. AFAICT, testing is still at the old
> version. Are they just slow, or what?

Yes, testing is slow. The Debian team supports its release versions
very well. ``testing'' and ``unstable'' branches are essentially beta
versions, and if you have them deployed in a production environment,
you are using Debian in a way that the developers do not support.
Security updates only apply to release versions in Debian.

You can kludge things by including both testing and unstable
repositories in your sources.list, and then using apt_preferences to
tweak the versioning of the individual packages on the system. That
way, if you are made aware of security issues with any given package,
you can force it to download from the unstable branch. But all that
is messy, and things *will* break in the testing and unstable
branches (it's just a matter of the number of packages and time). It
is expected, of course, that you file a bug report (or a patch) when
things don't work right in the testing or unstable branches.

Personally, I run Debian stable on my firewall/NAT/server with
cron-apt doing the automated updates, I run Debian testing on my
wife's machine, and I run Debian unstable on my own machine; both of
the latter machines are single-user only and protected from incoming
connections by the firewall. This mitigates most of the risk with
security vulnerabilities.

Mike
--
------------------------------------------- | ---------------------
Michael Halcrow | [EMAIL PROTECTED]
Developer, IBM Linux Technology Center |
|
Where did you want to go yesterday? |
------------------------------------------- | ---------------------
GnuPG Keyprint: 05B5 08A8 713A 64C1 D35D 2371 2D3C FDDA 3EB6 601D
____________________
BYU Unix Users Group
http://uug.byu.edu/
___________________________________________________________________
List Info: http://uug.byu.edu/cgi-bin/mailman/listinfo/uug-list
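
The pinning setup described in the reply above, as an added example that is not part of the original message: a script that stages a sources.list and an apt preferences file for review, with testing as the default branch and unstable available on request. The mirror URL, the priorities 900/300, the staging directory and the function names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: stage a testing + unstable pinning setup for review.
# Assumptions (not from the post): mirror URL, priorities, function names.

MIRROR="http://deb.debian.org/debian"   # assumed mirror

# write_pinning_config DIR: write both files under DIR, not into /etc/apt.
write_pinning_config() {
    dir=$1
    mkdir -p "$dir" || return 1

    # Both branches are listed so apt sees the versions available in each.
    cat > "$dir/sources.list" <<EOF
deb $MIRROR testing main
deb $MIRROR unstable main
EOF

    # testing wins by default (900). unstable (300) is never picked on its
    # own, but a package pulled from it still tracks newer unstable uploads
    # because 300 is above the priority of an installed version (100).
    cat > "$dir/preferences" <<'EOF'
Package: *
Pin: release a=testing
Pin-Priority: 900

Package: *
Pin: release a=unstable
Pin-Priority: 300
EOF
}

# pinned_priority FILE ARCHIVE: print the priority FILE assigns to ARCHIVE.
pinned_priority() {
    awk -v want="release a=$2" '
        /^Pin:/          { sub(/^Pin:[ \t]*/, ""); cur = $0 }
        /^Pin-Priority:/ { if (cur == want) print $2 }
    ' "$1"
}

# Stage into the directory given on the command line, if any.
if [ "$#" -gt 0 ]; then write_pinning_config "$1"; fi

# Once the files are installed as /etc/apt/sources.list and /etc/apt/preferences:
#   apt-get update
#   apt-cache policy <package>        # confirm the candidate is from testing
#   apt-get install <package>/unstable   # take only this package from unstable
#   apt-get install -t unstable <package> # also prefers unstable for its dependencies
```

`apt-cache policy <package>` after installing from unstable is the check that the fixed version is actually the one installed.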
